sync-main
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill is designed to execute powerful git commands including 'fetch', 'merge', and 'rebase'. These commands interact with remote repositories and modify the local state of the file system.\n- [PROMPT_INJECTION] (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its core workflow.\n
- Ingestion points: The agent reads 'git status' and the specific contents of source files containing merge conflict markers which originate from external branches or remotes.\n
- Boundary markers: No delimiters or 'ignore embedded instructions' warnings are present to separate untrusted file data from the agent's task logic.\n
- Capability inventory: The skill has both 'execute' capabilities (via git subprocesses) and 'write' capabilities (resolving conflicts by modifying file content).\n
- Sanitization: There is no evidence of sanitization or filtering for the external content being processed. An attacker could embed malicious instructions within a file or commit in the 'origin/main' branch that the agent might obey while attempting to 'resolve conflicts' or 'summarize changes'.
Recommendations
- AI detected serious security threats
Audit Metadata